State of knowledge

May 2022 

ProCall Enterprise 7.4.1

ProCall Enterprise

Information about ProCall Enterprise 7.4.1

In ProCall Release 7.4.1 () the Yealink SDK (libyealinkusbsdk.dll) for call control was no longer shipped with the installation due to the reasons listed below. Please note that even if you update from 7.4.0 to 7.4.1, the SDK will no longer be installed.

However, if you urgently need the functionality "Call control with Yealink headsets", then you can ask Yealink for the SDK (libyealinkusbsdk.dll) and copy it manually into the new subfolder "\driver\x86\Yealink" to be created in the ProCall client installation.

If you are already using version 7.4.0, you can also use this method to temporarily copy away the DLL file before updating to 7.4.1 and then copy it back after the update.

Yealink is working hard to resolve the false positive virus alerts when using "sophos Central Intercept X Advanced with XDR".

As soon as a solution is available, the SDK will also become an official part of ProCall 7 Enterprise again.


After updating the ProCall client to version, it no longer starts.

Sophos reports "Malicious exploit ROP in estos ProCall"


In ProCall version the new feature "Yealink Headset HID support" is built in, for this a Yealink SDK was included.

C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink → libyealinkusbsdk.dll

What has estos undertaken

We scanned the DLL with Virustotal and nothing malicious was found:

We have contacted Yealink, the feedback on this is still pending.

What you can do

Report it to Sophos to whitelist this DLL.


There are the following three options:

  • Create an exception in the Sophos
  • A registry key can be set so that the SDK is not loaded when the ProCall client is started:
Windows Registry Editor Version 5.00

  • Delete the following folder on the client with the SDK (not update-safe):

C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink